首页 新闻 搜索 专区 学院

IdentityServer4 验证 Personal Access Tokens (PAT) 的问题

0
悬赏园豆:30 [已解决问题] 解决于 2022-11-24 18:56

通过 Personal Access Tokens 访问受保护的 web api 时,出现下面的报错

System.InvalidOperationException: You must either set Authority or IntrospectionEndpoint
   at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionOptions.Validate()
   at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.PostConfigure(String name, OAuth2IntrospectionOptions options)
   at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
   at Microsoft.Extensions.Options.OptionsCache`1.<>c__3`1.<GetOrAdd>b__3_0(String name, ValueTuple`2 arg)
   at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd[TArg](TKey key, Func`3 valueFactory, TArg factoryArg`ument)
   at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd[TArg](String name, Func`3 createOptions, TArg factoryArgument)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()

Startup.ConfigureServices 中是这么配置的

services.AddAuthentication("token")
    .AddJwtBearer("token", options =>
    {
        options.Authority = webApiOptions.Authority;
        options.Audience = webApiOptions.ApiName;
        options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
        options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
        options.TokenValidationParameters.ValidateIssuer = false;
        options.ForwardDefaultSelector = IdentityModel.AspNetCore.AccessTokenValidation.Selector.ForwardReferenceToken("introspection");
    })
    .AddOAuth2Introspection("introspection", options =>
    {
        options.Authority = webApiOptions.Authority;
        options.ClientId = webApiOptions.ApiName;
        options.ClientSecret = webApiOptions.ApiSecret;
        options.EnableCaching = true;
        options.DiscoveryPolicy.ValidateIssuerName = false;
    });

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = webApiOptions.Authority;
        options.ApiName = webApiOptions.ApiName;
        options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
    });

请问如何解决?

dudu的主页 dudu | 高人七级 | 园豆:35040
提问于:2022-11-24 12:56

IdentityServer4 对应的实现代码:IdentityServerAuthenticationHandler.cs#L35

dudu 2个月前
< >
分享
最佳答案
0

在 AddIdentityServerAuthentication 中添加 ForwardDefaultSelector 设置解决了

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = webApiOptions.Authority;
        options.ApiName = webApiOptions.ApiName;
        options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
        options.ForwardDefaultSelector = IdentityModel.AspNetCore.AccessTokenValidation.Selector.ForwardReferenceToken("introspection");
    });
dudu | 高人七级 |园豆:35040 | 2022-11-24 18:55
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册